CVE-2023-25940

CWE-593 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 68.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerscale OnefsDell EMC Powerscale Onefs
Timeline
PublishedApr 4

Description

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5dell/powerscale_onefs9.5.0.0

Patches

Patch: www.dell.comPatch: www.dell.com

🔴Vulnerability Details

2
GHSA
GHSA-rjjx-559w-3h9w: Dell PowerScale OneFS version 92023-04-04
CVEList
CVE-2023-25940: Dell PowerScale OneFS version 92023-04-04
CVE-2023-25940 (HIGH CVSS 7.8) | Dell PowerScale OneFS version 9.5.0 | cvebase.io